This page also describes how to install a self-signed certificate. A self-signed certificate is a good choice for a staging or development environment where you want to test SSL features, but aren't ready to purchase an SSL certificate.

Types of SSL certificates

Engine Yard supports single-domain and wildcard-domain certificates. Get a single-domain certificate if you anticipate having one application running on one domain address. If you use sub-domains, then you'll need a wildcard-domain certificate.

SSL certificate type

Example

Single domain

https://www.mydomain.com

Wildcard domain [*.mydomain.com] (A single domain, with subdomains.)Note: Not all vendors include the root domain (e.g. mydomain.com) in the wildcard-domain certificate.

Note: There is a limit of 20 SSL certificates per region, per account. If you need more than this, contact Engine Yard Support.

Error when Adding SSL Certificates

If you encounter an error message while adding the ELB SSL certificate, it is likely due to the key not using an encoding that is accepted by AWS. You can re-encode the key using the following command (run from any MacOS/Linux/Unix/BSD machine):

openssl rsa -in sslcert.key -out sslcert.new

After you have run this command, you can verify that the new key is compatible with the existing key and certificate file by running the following command over the three files and verifying the modulus is identical:

After installing a certificate, does the application respond on http port 80 and on https port 443 or just the latter. My hope is that it supports both simultaneously. Are steps beyond those outlined above required to make it respond on both ports?